@rigstate/cli 0.6.0

package/src/utils/manifest.ts

@@ -0,0 +1,18 @@
+import fs from 'fs/promises';
+import path from 'path';
+
+export interface RigstateManifest {
+    project_id: string;
+    api_url?: string;
+    linked_at?: string;
+}
+
+export async function loadManifest(): Promise<RigstateManifest | null> {
+    try {
+        const manifestPath = path.join(process.cwd(), '.rigstate');
+        const content = await fs.readFile(manifestPath, 'utf-8');
+        return JSON.parse(content);
+    } catch {
+        return null;
+    }
+}

package/src/utils/rule-engine.ts

@@ -0,0 +1,292 @@
+/**
+ * Rule Engine - Evaluates Guardian rules against local files
+ */
+
+import fs from 'fs/promises';
+import path from 'path';
+import chalk from 'chalk';
+
+export interface EffectiveRule {
+    id: string;
+    rule_name: string;
+    rule_type: string;
+    value: Record<string, unknown>;
+    severity: 'critical' | 'warning' | 'info';
+    description: string;
+    source: 'global' | 'project_override';
+    is_enabled: boolean;
+}
+
+export interface Violation {
+    file: string;
+    rule: string;
+    ruleType: string;
+    severity: 'critical' | 'warning' | 'info';
+    message: string;
+    details?: string;
+    line?: number;
+}
+
+export interface CheckResult {
+    file: string;
+    violations: Violation[];
+    passed: boolean;
+}
+
+/**
+ * Check a single file against all rules
+ */
+export async function checkFile(
+    filePath: string,
+    rules: EffectiveRule[],
+    rootPath: string
+): Promise<CheckResult> {
+    const violations: Violation[] = [];
+    const relativePath = path.relative(rootPath, filePath);
+
+    try {
+        const content = await fs.readFile(filePath, 'utf-8');
+        const lines = content.split('\n');
+
+        for (const rule of rules) {
+            const ruleViolations = await evaluateRule(rule, content, lines, relativePath);
+            violations.push(...ruleViolations);
+        }
+
+    } catch (error: any) {
+        violations.push({
+            file: relativePath,
+            rule: 'FILE_READ_ERROR',
+            ruleType: 'SYSTEM',
+            severity: 'warning',
+            message: `Could not read file: ${error.message}`
+        });
+    }
+
+    return {
+        file: relativePath,
+        violations,
+        passed: violations.length === 0
+    };
+}
+
+/**
+ * Evaluate a single rule against file content
+ */
+async function evaluateRule(
+    rule: EffectiveRule,
+    content: string,
+    lines: string[],
+    filePath: string
+): Promise<Violation[]> {
+    const violations: Violation[] = [];
+
+    switch (rule.rule_type) {
+        case 'MAX_FILE_LINES': {
+            const value = rule.value as { limit: number; warning_threshold?: number };
+            const lineCount = lines.length;
+
+            if (lineCount > value.limit) {
+                violations.push({
+                    file: filePath,
+                    rule: rule.rule_name,
+                    ruleType: rule.rule_type,
+                    severity: 'critical',
+                    message: `File exceeds ${value.limit} lines`,
+                    details: `Current: ${lineCount} lines (limit: ${value.limit})`
+                });
+            } else if (value.warning_threshold && lineCount > value.warning_threshold) {
+                violations.push({
+                    file: filePath,
+                    rule: rule.rule_name,
+                    ruleType: rule.rule_type,
+                    severity: 'warning',
+                    message: `File approaching line limit`,
+                    details: `Current: ${lineCount} lines (warning at: ${value.warning_threshold}, limit: ${value.limit})`
+                });
+            }
+            break;
+        }
+
+        case 'MAX_FUNCTION_LINES': {
+            const value = rule.value as { limit: number };
+            const functionViolations = checkFunctionLines(content, lines, filePath, rule, value.limit);
+            violations.push(...functionViolations);
+            break;
+        }
+
+        case 'PATTERN_FORBIDDEN': {
+            const value = rule.value as { pattern: string; message?: string };
+            const pattern = new RegExp(value.pattern, 'g');
+
+            let match;
+            while ((match = pattern.exec(content)) !== null) {
+                const lineNumber = content.substring(0, match.index).split('\n').length;
+                violations.push({
+                    file: filePath,
+                    rule: rule.rule_name,
+                    ruleType: rule.rule_type,
+                    severity: rule.severity,
+                    message: value.message || `Forbidden pattern found: ${value.pattern}`,
+                    line: lineNumber,
+                    details: `Found: "${match[0].substring(0, 50)}${match[0].length > 50 ? '...' : ''}"`
+                });
+            }
+            break;
+        }
+
+        case 'PATTERN_REQUIRED': {
+            const value = rule.value as { pattern: string; context?: string };
+            const pattern = new RegExp(value.pattern);
+
+            // Only check if context matches (e.g., only in certain file types)
+            const shouldCheck = !value.context || filePath.includes(value.context);
+
+            if (shouldCheck && !pattern.test(content)) {
+                violations.push({
+                    file: filePath,
+                    rule: rule.rule_name,
+                    ruleType: rule.rule_type,
+                    severity: rule.severity,
+                    message: `Required pattern not found: ${value.pattern}`,
+                    details: value.context ? `Expected in files matching: ${value.context}` : undefined
+                });
+            }
+            break;
+        }
+
+        case 'NAMING_CONVENTION': {
+            const value = rule.value as { pattern: string; context: string };
+            const pattern = new RegExp(value.pattern);
+            const fileName = path.basename(filePath);
+
+            // Check if context matches (e.g., "components" for component files)
+            if (filePath.includes(value.context) && !pattern.test(fileName)) {
+                violations.push({
+                    file: filePath,
+                    rule: rule.rule_name,
+                    ruleType: rule.rule_type,
+                    severity: rule.severity,
+                    message: `File name does not match naming convention`,
+                    details: `Expected pattern: ${value.pattern}`
+                });
+            }
+            break;
+        }
+
+        default:
+            // Unknown rule type, skip
+            break;
+    }
+
+    return violations;
+}
+
+/**
+ * Check function line counts using simple heuristics (not full AST)
+ * Works for TypeScript/JavaScript
+ */
+function checkFunctionLines(
+    content: string,
+    lines: string[],
+    filePath: string,
+    rule: EffectiveRule,
+    limit: number
+): Violation[] {
+    const violations: Violation[] = [];
+
+    // Simple regex-based detection for functions
+    // Matches: function name(), async function name(), const name = () =>, const name = function()
+    const functionPatterns = [
+        /(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\([^)]*\)\s*\{/g,
+        /(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\([^)]*\)\s*=>\s*\{/g,
+        /(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?function\s*\([^)]*\)\s*\{/g,
+        /(\w+)\s*\([^)]*\)\s*\{/g // Method in class/object
+    ];
+
+    for (const pattern of functionPatterns) {
+        let match;
+        while ((match = pattern.exec(content)) !== null) {
+            const functionName = match[1];
+            const startIndex = match.index + match[0].length - 1; // Position of opening brace
+
+            // Find matching closing brace
+            let braceCount = 1;
+            let endIndex = startIndex + 1;
+
+            while (braceCount > 0 && endIndex < content.length) {
+                if (content[endIndex] === '{') braceCount++;
+                else if (content[endIndex] === '}') braceCount--;
+                endIndex++;
+            }
+
+            // Count lines in function
+            const functionContent = content.substring(startIndex, endIndex);
+            const functionLines = functionContent.split('\n').length;
+
+            if (functionLines > limit) {
+                const lineNumber = content.substring(0, match.index).split('\n').length;
+                violations.push({
+                    file: filePath,
+                    rule: rule.rule_name,
+                    ruleType: rule.rule_type,
+                    severity: rule.severity,
+                    message: `Function "${functionName}" exceeds ${limit} lines`,
+                    line: lineNumber,
+                    details: `Current: ${functionLines} lines (limit: ${limit})`
+                });
+            }
+        }
+    }
+
+    return violations;
+}
+
+/**
+ * Format violations for console output
+ */
+export function formatViolations(violations: Violation[]): void {
+    for (const v of violations) {
+        const severityColor = v.severity === 'critical' ? chalk.red :
+            v.severity === 'warning' ? chalk.yellow : chalk.blue;
+
+        const lineInfo = v.line ? chalk.dim(`:${v.line}`) : '';
+
+        console.log(`  ${severityColor(`[${v.severity.toUpperCase()}]`)} ${v.file}${lineInfo}`);
+        console.log(`    ${v.message}`);
+        if (v.details) {
+            console.log(`    ${chalk.dim(v.details)}`);
+        }
+    }
+}
+
+/**
+ * Summarize results
+ */
+export function summarizeResults(results: CheckResult[]): {
+    totalFiles: number;
+    totalViolations: number;
+    criticalCount: number;
+    warningCount: number;
+    infoCount: number;
+} {
+    let criticalCount = 0;
+    let warningCount = 0;
+    let infoCount = 0;
+
+    for (const result of results) {
+        for (const v of result.violations) {
+            if (v.severity === 'critical') criticalCount++;
+            else if (v.severity === 'warning') warningCount++;
+            else infoCount++;
+        }
+    }
+
+    return {
+        totalFiles: results.length,
+        totalViolations: criticalCount + warningCount + infoCount,
+        criticalCount,
+        warningCount,
+        infoCount
+    };
+}

package/src/utils/skills-provisioner.ts

@@ -0,0 +1,153 @@
+import { AgentSkill } from '@rigstate/rules-engine';
+import axios from 'axios';
+import fs from 'fs/promises';
+import path from 'path';
+import chalk from 'chalk';
+
+/**
+ * Provisions Agent Skills to the local project.
+ * 
+ * Flow:
+ * 1. Fetch skills from API (database)
+ * 2. Merge with core skills from rules-engine
+ * 3. Write to .agent/skills/<name>/SKILL.md
+ * 4. Return list of provisioned skills for .cursorrules injection
+ */
+export async function provisionSkills(
+    apiUrl: string,
+    apiKey: string,
+    projectId: string,
+    rootDir: string
+): Promise<AgentSkill[]> {
+    const skills: AgentSkill[] = [];
+
+    // 1. Fetch skills from database (user + global + core)
+    try {
+        const response = await axios.get(`${apiUrl}/api/v1/skills`, {
+            params: { project_id: projectId },
+            headers: { Authorization: `Bearer ${apiKey}` }
+        });
+
+        if (response.data.success && response.data.data) {
+            for (const dbSkill of response.data.data) {
+                skills.push({
+                    name: dbSkill.name,
+                    description: dbSkill.description,
+                    specialist: dbSkill.specialist || 'General',
+                    version: dbSkill.version || '1.0.0',
+                    governance: dbSkill.governance || 'OPEN',
+                    content: dbSkill.content
+                });
+            }
+        }
+    } catch (e: any) {
+        // API might not have skills endpoint yet - fall through to core skills
+        const msg = e.response?.data?.error || e.message;
+        console.log(chalk.dim(`  (Skills API not available: ${msg}, using core library)`));
+    }
+
+    // 2. If no skills from DB, use core library from rules-engine
+    if (skills.length === 0) {
+        const { getRigstateStandardSkills } = await import('@rigstate/rules-engine');
+        const coreSkills = getRigstateStandardSkills();
+        skills.push(...coreSkills);
+    }
+
+    // 3. Write skills to .agent/skills/
+    const skillsDir = path.join(rootDir, '.agent', 'skills');
+    await fs.mkdir(skillsDir, { recursive: true });
+
+    for (const skill of skills) {
+        const skillDir = path.join(skillsDir, skill.name);
+        await fs.mkdir(skillDir, { recursive: true });
+
+        const skillContent = `---
+name: ${skill.name}
+description: ${skill.description}
+version: "${skill.version}"
+specialist: ${skill.specialist}
+governance: ${skill.governance}
+---
+
+${skill.content}
+
+---
+*Provisioned by Rigstate CLI. Do not modify manually.*`;
+
+        const skillPath = path.join(skillDir, 'SKILL.md');
+        await fs.writeFile(skillPath, skillContent, 'utf-8');
+    }
+
+    console.log(chalk.green(`  ✅ Provisioned ${skills.length} skill(s) to .agent/skills/`));
+
+    return skills;
+}
+
+/**
+ * Generate the <available_skills> XML block for .cursorrules
+ */
+export function generateSkillsDiscoveryBlock(skills: AgentSkill[]): string {
+    if (skills.length === 0) return '';
+
+    const skillBlocks = skills.map(skill => `  <skill>
+    <name>${skill.name}</name>
+    <description>${skill.description}</description>
+    <location>.agent/skills/${skill.name}/SKILL.md</location>
+  </skill>`).join('\n');
+
+    return `<available_skills>
+${skillBlocks}
+</available_skills>`;
+}
+/**
+ * Just-In-Time provisioning of a specific skill.
+ * Checks if the skill is already in .cursorrules and injects it if not.
+ */
+export async function jitProvisionSkill(
+    skillId: string,
+    apiUrl: string,
+    apiKey: string,
+    projectId: string,
+    rootDir: string
+): Promise<boolean> {
+    const rulesPath = path.join(rootDir, '.cursorrules');
+    let rulesContent = '';
+
+    try {
+        rulesContent = await fs.readFile(rulesPath, 'utf-8');
+    } catch (e) {
+        return false;
+    }
+
+    const isProvisioned = rulesContent.includes(`<name>${skillId}</name>`) ||
+        rulesContent.includes(`.agent/skills/${skillId}`);
+
+    if (isProvisioned) return false;
+
+    console.log(chalk.yellow(`  ⚡ JIT PROVISIONING: Injecting ${skillId}...`));
+
+    try {
+        const skills = await provisionSkills(apiUrl, apiKey, projectId, rootDir);
+        const skillsBlock = generateSkillsDiscoveryBlock(skills);
+
+        if (rulesContent.includes('<available_skills>')) {
+            rulesContent = rulesContent.replace(
+                /<available_skills>[\s\S]*?<\/available_skills>/,
+                skillsBlock
+            );
+        } else if (rulesContent.includes('## 🧠 PROJECT CONTEXT')) {
+            const insertPoint = rulesContent.indexOf('---', rulesContent.indexOf('## 🧠 PROJECT CONTEXT'));
+            if (insertPoint !== -1) {
+                rulesContent = rulesContent.slice(0, insertPoint + 3) +
+                    '\n\n' + skillsBlock + '\n' +
+                    rulesContent.slice(insertPoint + 3);
+            }
+        }
+
+        await fs.writeFile(rulesPath, rulesContent, 'utf-8');
+        return true;
+    } catch (e: any) {
+        console.log(chalk.red(`  Failed to provision skill: ${e.message}`));
+        return false;
+    }
+}

package/src/utils/version.ts

@@ -0,0 +1 @@
+export async function checkVersion() {}

package/src/utils/watchdog.ts

@@ -0,0 +1,215 @@
+/**
+ * Guardian Watchdog - Scans files against governance rules
+ * Now fetches rules from API with fallback to cache/defaults
+ */
+
+import fs from 'fs/promises';
+import path from 'path';
+import chalk from 'chalk';
+import axios from 'axios';
+import { getApiUrl, getApiKey } from './config.js';
+
+interface EffectiveRule {
+    id: string;
+    rule_name: string;
+    rule_type: string;
+    value: Record<string, unknown>;
+    severity: 'critical' | 'warning' | 'info';
+    description: string;
+    source: 'global' | 'project_override';
+    is_enabled: boolean;
+}
+
+interface ScanResult {
+    file: string;
+    lines: number;
+    status: 'OK' | 'WARNING' | 'VIOLATION';
+}
+
+const DEFAULT_LMAX = 400;
+const DEFAULT_LMAX_WARNING = 350;
+const CACHE_FILE = '.rigstate/rules-cache.json';
+
+async function countLines(filePath: string): Promise<number> {
+    try {
+        const content = await fs.readFile(filePath, 'utf-8');
+        return content.split('\n').length;
+    } catch (e) {
+        return 0;
+    }
+}
+
+async function getFiles(dir: string, extension: string[]): Promise<string[]> {
+    const entries = await fs.readdir(dir, { withFileTypes: true });
+    const files = await Promise.all(entries.map(async (entry) => {
+        const res = path.resolve(dir, entry.name);
+        if (entry.isDirectory()) {
+            if (entry.name === 'node_modules' || entry.name === '.git' || entry.name === '.next' || entry.name === 'dist') return [];
+            return getFiles(res, extension);
+        } else {
+            return extension.some(ext => entry.name.endsWith(ext)) ? res : [];
+        }
+    }));
+    return files.flat();
+}
+
+/**
+ * Fetch rules from API with fallback
+ */
+async function fetchRulesFromApi(projectId: string): Promise<{
+    lmax: number;
+    lmaxWarning: number;
+    source: string;
+}> {
+    try {
+        const apiUrl = getApiUrl();
+        const apiKey = getApiKey();
+
+        const response = await axios.get(`${apiUrl}/api/v1/guardian/rules`, {
+            params: { project_id: projectId },
+            headers: { Authorization: `Bearer ${apiKey}` },
+            timeout: 10000
+        });
+
+        if (response.data.success && response.data.data.settings) {
+            return {
+                lmax: response.data.data.settings.lmax || DEFAULT_LMAX,
+                lmaxWarning: response.data.data.settings.lmax_warning || DEFAULT_LMAX_WARNING,
+                source: 'API (Dynamic)'
+            };
+        }
+    } catch (error) {
+        // Try to load from cache
+        try {
+            const cachePath = path.join(process.cwd(), CACHE_FILE);
+            const content = await fs.readFile(cachePath, 'utf-8');
+            const cached = JSON.parse(content);
+            if (cached.settings) {
+                return {
+                    lmax: cached.settings.lmax || DEFAULT_LMAX,
+                    lmaxWarning: cached.settings.lmax_warning || DEFAULT_LMAX_WARNING,
+                    source: 'Cache (Fallback)'
+                };
+            }
+        } catch {
+            // Cache read failed
+        }
+    }
+
+    // Default fallback
+    return {
+        lmax: DEFAULT_LMAX,
+        lmaxWarning: DEFAULT_LMAX_WARNING,
+        source: 'Default (Hardcoded)'
+    };
+}
+
+export async function runGuardianWatchdog(
+    rootPath: string,
+    settings: Record<string, any> = {},
+    projectId?: string
+): Promise<void> {
+    console.log(chalk.bold('\n🛡️  Active Guardian Watchdog Initiated...'));
+
+    // Try to get rules from API if projectId is provided
+    let lmax = settings.lmax || DEFAULT_LMAX;
+    let lmaxWarning = settings.lmax_warning || DEFAULT_LMAX_WARNING;
+    let ruleSource = settings.lmax ? 'Settings (Passed)' : 'Default';
+
+    if (projectId) {
+        const apiRules = await fetchRulesFromApi(projectId);
+        lmax = apiRules.lmax;
+        lmaxWarning = apiRules.lmaxWarning;
+        ruleSource = apiRules.source;
+    }
+
+    console.log(chalk.dim(`Governance Rules: L_max=${lmax}, L_max_warning=${lmaxWarning}, Source: ${ruleSource}`));
+
+    const targetExtensions = ['.ts', '.tsx'];
+    let scanTarget = rootPath;
+    const webSrc = path.join(rootPath, 'apps', 'web', 'src');
+
+    try {
+        await fs.access(webSrc);
+        scanTarget = webSrc;
+    } catch {
+        // apps/web/src not found, scanning root or provided path
+    }
+
+    console.log(chalk.dim(`Scanning target: ${path.relative(process.cwd(), scanTarget)}`));
+
+    const files = await getFiles(scanTarget, targetExtensions);
+
+    let violations = 0;
+    let warnings = 0;
+
+    const results: ScanResult[] = [];
+
+    for (const file of files) {
+        const lines = await countLines(file);
+        const relPath = path.relative(rootPath, file);
+
+        if (lines > lmax) {
+            results.push({ file: relPath, lines, status: 'VIOLATION' });
+            violations++;
+            console.log(chalk.red(`[VIOLATION] ${relPath}: ${lines} lines (Limit: ${lmax})`));
+        } else if (lines > lmaxWarning) {
+            results.push({ file: relPath, lines, status: 'WARNING' });
+            warnings++;
+            console.log(chalk.yellow(`[WARNING]   ${relPath}: ${lines} lines (Threshold: ${lmaxWarning})`));
+        }
+    }
+
+    if (violations === 0 && warnings === 0) {
+        console.log(chalk.green(`✔ All ${files.length} files are within governance limits.`));
+    } else {
+        console.log('\n' + chalk.bold('Summary:'));
+        console.log(chalk.red(`Violations: ${violations}`));
+        console.log(chalk.yellow(`Warnings:   ${warnings}`));
+
+        // --- GOVERNANCE INTERVENTION LOGIC ---
+        const { getGovernanceConfig, setSoftLock, InterventionLevel } = await import('./governance.js');
+        const { governance } = await getGovernanceConfig(rootPath);
+        console.log(chalk.dim(`Intervention Level: ${InterventionLevel[governance.intervention_level] || 'UNKNOWN'} (${governance.intervention_level})`));
+
+        if (violations > 0) {
+            console.log(chalk.red.bold('\nCRITICAL: Governance violations detected. Immediate refactoring required.'));
+
+            // Check for SENTINEL MODE (Level 2)
+            if (governance.intervention_level >= InterventionLevel.SENTINEL) {
+                console.log(chalk.red.bold('🛑 SENTINEL MODE: Session SOFT_LOCKED until resolved.'));
+                console.log(chalk.red('   Run "rigstate override <id> --reason \\"...\\"" if this is an emergency.'));
+                await setSoftLock('Sentinel Mode: Governance Violations Detected', 'ARC-VIOLATION', rootPath);
+            }
+        }
+    }
+
+    // Sync to Cloud via API
+    if (projectId) {
+        try {
+            const apiUrl = getApiUrl();
+            const apiKey = getApiKey();
+
+            const payloadViolations = results.filter(r => r.status === 'VIOLATION').map(v => ({
+                uid: 'V-' + Buffer.from(v.file).toString('base64').replace(/=/g, ''),
+                filePath: v.file,
+                lineCount: v.lines,
+                limitValue: lmax,
+                severity: 'CRITICAL'
+            }));
+
+            await axios.post(`${apiUrl}/api/v1/guardian/sync`, {
+                projectId,
+                violations: payloadViolations,
+                warnings: warnings
+            }, {
+                headers: { Authorization: `Bearer ${apiKey}` }
+            });
+
+            console.log(chalk.dim('✔ Violations synced to Rigstate Cloud.'));
+
+        } catch (e: any) {
+            console.log(chalk.dim('⚠ Cloud sync skipped: ' + (e.message || 'Unknown')));
+        }
+    }
+}